step  up.  Scale  out. 

Introducing  IBM  NeXtScale  System. 

The  rising  demand  for  intelligence  from  increasing  data  volumes,  and  the  need  for  greater  efficiency  in 
the  doud.  may  leave  today’s  data  centers  inadequate  for  your  requirements.  Introducing  IBM  NeXtScale 
System'-  an  easy-to-deploy,  cost-effective,  hyperscale  computing  platform  that  focuses  on  maximizing 
density,  performance  and  efficiency  for  lower  operating  costs.  Its  simple  and  open  design  integrates 
with  your  existing  infrastructure  and  has  the  capability  to  help  reduce  onboarding  time  by  75%  with 
optional  IBM  Intelligent  Ouster.'  ’ 

Powered  by  the  new  Intel*  Xeon®  processor  E5-2600  v2,  IBM  NeXtScale  System  packs  3x  the  cores^ 
versus  previous  generation  1U  rack  servers,  and  up  to  37%  greater  performance^  and  36%  better  energy 
efficiency*  versus  previous  generation  systems.  This  high  performance  system  allows  you  to  obtain 
maximum  value  from  your  data  by  bringing  IBM’s  high  performance  computing  experience  to  work  for  you. 


See  how  IBM  NeXtScale  System  can  help  you  optimize  your 
data  center  for  compute-intensive  workloads. 

Download  the  Clabby  report  at  ibmxom/systems/nextscale 
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I  NeXtScate  System. 
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Fueled  by  Analytics 

14  Ford  is  using  big  data  to  drive  virtuaily  every  aspect  of  its  globai  turnaround. 


When  to  Pick 
a  Private  Cloud 

JO  Here's  how  to  determine  if  your 
organization  needs  the  security,  control  and 
performance  that  a  private  cioud  offers. 


Who  Owns  Mobility? 

24  Mobiiity  touches  muitiple  facets  of  IT  - 
platform  choice,  application  deveiopment. 
customer  engagement.  Does  it  make  sense 
to  put  one  person  in  charge  of  it  all? 


The  next  generation  of  mobile  con¬ 
nected  devices  may  make  life  easier 
for  consumers  in  the  long  run,  but 
today  they  present  a  bundle  of  bead- 
aches,  a  panel  of  industry  leaders  said  recently. 


wearable  devices  will  coexist  with  smart¬ 
phones  for  at  least  the  next  few  yeais,  though 
it  s  hard  to  predict  what  mobile  will  look  like 

But  beyond  convenience  and  the  cool  fector. 
M's  still  often  a  chore  to  live  with  these  devices, 
and  M  doesn't  get  easier  as  they  proliferate, 
panelists  at  the  Open  Mobile  SummM  said. 

"We're  about  to  hM  the  ceiling  of  what 
people  are  willing  to  haby-sM,"  said  Maik 
Rolston.  chief  creative  officer  at  Frog  Design. 
"How  many  devices  do  you  want  to  try  and 


keep  alive  and  awake  throughout  the  day?" 

In  all,  there  are  too  many  challenges  for 
users,  according  to  Rick  Osterloh,  senior  vice 

Motorola  Mobility  subsidiary. 

“If  you  look  at  what's  there  today,  M’s  just 
horribly,  terribly  broken  for  the  end  user," 
Osterloh  said.  “There's  so  much  to  go  fix."  He 
cited  manual  setup  of  wireless 
connections  via  Bluetooth,  Wi-Fi 
Direct  and  a  hornet's  nest  of 
other  technologies. 

The  whole  premise  of  mobile  interfaces  is 
wrong,  according  to  Osterloh  and  others.  They 
said  devices  should  be  asking  users  what  they 
want  and  leaming  from  prior  events  rather 
than  always  forcing  users  to  ask. 

-  Stephen  Lawson.  WG  News  Service 


Microsoft  will  either  have  to 
ditch  swaths  of  features  or  devise 
a  user  interface  that  can  hide  nxrst 
functionalitv  but  still  give  users  a 
way  to  find  the  tools  they  need. 

Analysts  don't  doubt  Microsoft's 
development  acumen,  but  they 
wonder  what 
choices  the  com¬ 
pany  will  make. 


THE  CLOUD 


(INSISTS,  GO  I 
GET  ’EM!  I 


Nothing  is  shaping  successful  businesses  faster  than  IT.  Which  makes  your  job  rather  important 
And  when  you  can  harness  all  that  the  cloud  is  capable  of,  just  watch  your  business  go. 

biiic.coiiiAlwcloud 
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Google  Making 
Tattoo  That’s 
A  Microphone 


BNSF  Heads  to  the  Cloud  With  Microsoft 


WHEN  BNSF  RAILWAY  ilccided  It 

prpmism  lo  a  public  cloud,  il 
nmidercd  offerings  from  varKius  sendors.  but 
ihimaielv  picked  Microsoft's  Office  365. 

The  railroad's  reasons  ssere  varied,  but 
amiliarity  with  Microsoft  products  and  a 
img'Slanding  relationship  with  the  vendor 
leremafor  factors  in  the  decision. 

'■  We  re  a  big  Microsoft  shop,  so  Office  365 
1  as  a  very  grxrd  fit  for  us.  It  just  made  sense,  ' 
avsi  lu  ann  Olsovsky.  CIO  at  the  Fort  Wonh. 
'exas-based  freight  transportation  company. 

BNSF  expected  10  ffnish  migrating  its 
0.000  emplusees  to  Office  365  5  Exchange 
Inline-  and  Lync  Online  hy  mid-December. 

usiomer  faring  portals  to  SharePoint  Online 
nd  adopt  SkvOrive  Pro  lor  cloud  storage. 

Like  mans  other  rirganizaliuns.  BNSF 
ix  ided  to  move  email  and  cullabrrration  tools 


Because  railway  companies  have  such 
specific  operations  and  needs.  BNSF  has 
had  to  build  a  lot  of  custom  IT  systems,  and 

more  important  than  tussling  with  email  and 

Office  365  is  also  expected  to  bring  other 
benefits.  For  example,  il  offers  a  significantly 
larger  inbox  capacity,  and  email  and  collabo¬ 
ration  capabilities  will  be  more  easily  and 
broadly  available  to  BNSF  staffers,  some  90% 
of  whom  work  remotely. 

soft  s  continued  integration  of  the  Yammer 
enterprise  srxial  networking  tool  with  Share- 
Point  and  with  other  pmdiKts. 

BNSF  employees  started  using  Yammer  last 
year  on  an  ad  hex  basis,  shortly  before  Micro- 

site  said,  and  the  tool  is  now  being  used  as  a 
••Ligging  plalfurm  at  the  company. 
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Go(^e  Making 
Tattoo  That’s 
A  Microphone 


BNSF  Heads  to  the  Cloud  With  Microsoft 


WHCa  tHSF  RAILWAY  decided  it 
would  move  its  enuil  and  coi- 
laboratioa  systems  from  its  own 
premises  to  a  public  cloud,  it 
considered  ofiiehngs  from  various  vendors,  but 
ukimately  picked  Microsoft’s  Office  365. 

Tbe  railroad's  reasons  were  varied,  but 
familiarity  with  Mkiosoft  products  and  a 

were  major  factors  in  tbe  decision. 

“We’re  a  big  Microsoft  shop,  so  Office  365 
was  a  very  good  6t  for  us.  It  just  made  sense," 
says  lo-ann  Olsovsky,  ao  at  the  Fort  Worth, 

BNSF  expected  to  fini^  migrating  its 
40,000  employees  to  Office  36s’s  Exchange 
Online  and  Lync  Online  by  mid-December. 

At  a  later  pha^  it  will  switch  its  intranet  and 
customer-facing  portals  to  SharePoim  Online 
and  adopt  SkyDiive  Pro  for  cloud  storage. 

Like  many  other  oiganizations,  BNSF 
decided  to  move  email  and  collaboration  tools 
to  tbe  doud  to  give  its  IT  staff  more  time  to 


Because  railway  companies  have  such 
speciBc  operations  and  needs,  BNSF  has 
had  to  build  a  lot  of  custom  IT  systems,  and 
maintaining  and  improving  those  systems  is 
more  importam  than  tussling  with  email  and 
collaboration  serveis. 

Office  365  is  also  expected  to  bring  other 
benefits.  For  example,  it  offeis  a  significantly 
larger  inbox  capacity,  and  email  and  collabo¬ 
ration  capabilities  will  be  more  easily  and 
broadly  available  to  BNSF  staffers,  some  90% 
of  whom  work  remotely. 

Olsovsky  is  also  looking  forward  to  Micro- 

enterprise  social  networking  tool  with  Share- 
Point  and  with  other  products. 

BNSF  employees  started  using  Yammer  last 
year  on  an  ad  hoc  basis,  shortly  before  Micro¬ 
soft  acquired  the  company  for  $1.2  billion, 
she  said,  and  the  tool  is  now  being  used  as  a 
blogging  pfatibrm  at  the  company. 

-turn  Carlos  Ptm.IDC  News  Service 


THE  VOLUME  OF  BUSINESS 
DATA  WORLDWIDE  IS 
EXPECTED  TO  DOUBLE 
EVERY  1.2  YEARS. 


Be  ready  with  the  storage 
that’s  ready  for  the  future. 


SarDisk 


the  cost  of  doing  this  outweighed  the  benefits 


Is  your  data  center 
designed  to  take 
your  business 
into  the  future? 

This  one  is. 


The 

Software- Defi  ned 
Datacenter. 


With  the  Software-Defined  Data  Center  from 
VMware,  all  data  center  resources-computing. 


A 


storage,  network  and  security-are  fully 
virtualized,  and  management  is  automated.  The 
result  is  unprecedented  levels  of  IT  automation, 
agility  and  efficiency,  with  the  flexibility  to 
support  the  applications  you  have  today  and 
the  applications  you’ll  need  in  the  future. 

vmware* 

Visit  vmware.com/sddc 


NEWS  ANALYSIS 


Supercomputing 
Needs  New  Teen 


With  Moore’s  Law  in  decline,  high-performance 
computing  faces  a  plateau  unless  a  disruptive 
technology  saves  the  day.  By  Patrick  Thibodeau 


LITTLE  lOOTH  tucked  away  in  the  corner  of  the 
Colorado  Convention  Center  in  Denver  last  month 
may  have  housed  the  next  Intel. 

Max  Shulaker.  a  Stanford  University  graduate 
student,  was  there,  ready  to  explain  carbon  nanotube 
digital  circuits  to  any  SC13  supercomputer  conference  attendee 
that  Slopped  by.  Shulaker  is  part  of  a  research  team  that  has 
made  what  they  claim  is  the  first  computer 


every  two  years.  And  since  it  became 
df^rent  that  that  principle  no  lon^r 
true,  supercomputer  developers 
have  had  to  rely  on  very  expensive 
architectural  changes,  such  as  adding 
speedy  GPUs,  to  boost  performance. 
In  the  near  future,  they  may  have  to 
increasingly  turn  to  chips  that  inte¬ 
grate  interconnects  and  memory  to 
speed  processing  and  reduce  enetgy 
consumption. 

The  problem  promises  to  blunt 
the  relentless  pursuit  of  ever  greater 
computing  power  to  run  increas¬ 
ingly  complex  simulations  to  tackle 
mankind's  big  problems. 

“We  have  reached  the  end  of  the 
technological  era.”  said  William 
Gropp,  chairman  of  the  SC13 
conference  and  a  computer  science 
professor  at  the  University  of  Illinois 
at  Urbana-Champaign. 

Gropp  likened  today’s  supercom¬ 
puter  development  terrain  to  that 
of  the  1960s.  which  saw  the  advent 
of  CMOS,  the  foundation  of  todays 
ndard  semiconductor  technology.  CMOS  was  disrup¬ 
tive,  but  it  ushered  in  an  expansive  age  of  computing. 

"We  don’t  have  a  technology  that  is  ready  to  be  adopted 
as  a  replacement  few  CMOS,”  said  Gropp. 

But  change  will  come,  and  it  will  be  disruptive. 

One  option  is  carbon  nanotubes,  essentially  rolled-up 
sheets  of  grapheme  that  form  nanocylinders  with  a  diame¬ 
ter  erf  about  1  nanometer.  About  io.e>oo  carbon  nanotubes 
side  by  side  wexild  fit  inside  a  single  human  hair,  said 
Shulaker,  who  is  working  on  the  technerfogy  at  Stanford 
with  professors  Subhasish  Mitra  and  Philip  Wong. 

This  Stanford  team  synthesized  their  own  nanotubes  by 
raking  a  quartz  wafer  and  adding  iron  nanoparticles  and 
then  beating  h  to  1,652  degrees  Fahrenheit.  The  CNTs  then 
become  the  channel  for  the  transistor,  which  turns  on  and  off. 

The  team  has  wx>rked  to  ensure  that  the  leap  to  next-generation 
technology  isn’t  insurmountable  for  experts  in  silicon.  For  instance, 
thev'  emulated  the  MIPS  instruction  set,  making  it  programmable. 
“Everything  we  do  is  silicon-compatible,”  said  Shulaker. 

It  s  uncertain  where  the  next-generation  supercomputer  tech¬ 
nology.  whether  CNT  or  something  else,  will  come  from. 

There’s  no  reason  to  believe  that  the 
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M  mankind’s  problems. 

M  ’TWehawreachedtheendofthe 

.  technological  era,’’  said  William 

Gropp,  chairman  of  the  SC13 
conCnence  and  a  computer  science 
professor  at  the  University  of  Illinois 
at  Utbana-Champa^ 

Gropp  likened  today’s  superoom- 
puter  dmiopment  terrain  to  that 
of  the  1960s,  which  saw  the  advem 
of  CMOS,  the  foundation  of  today’s 

tive,  but  it  ushered  in  an  expansive  age  of  computing. 

“We  don’t  have  a  technology  that  is  ready  to  be  adopted 
as  a  replacement  for  CMOS,”  said  Gropp. 

But  chai^  will  come,  and  it  will  be  disruptive. 

One  option  is  carbon  nanotubes,  essentially  rolled-up 
sheets  of  grapheme  that  form  nanocylinders  with  a  diame¬ 
ter  of  about  1  nanometer.  About  10,000  caibon  nanotubes 
side  by  side  would  fit  inside  a  single  human  hair,  said 
Shulaker,  who  is  working  on  the  technology  at  Stanfind 
with  professors  Subhasish  Mitra  and  Philip  Wong. 

This  Stanford  team  synthesized  their  on 


technology  isn 

they  emiitoed  the  MIPS  instruction  set,  making  it  pmgiammahle 
“Everything  we  do  is  siliootKxxnpatible,"  said  9iufeker. 


I  believe  that  the 
leading  the  industry  will 
necessarily  have  the  big  athrantage,  said 
Peter  Beckman,  a  computer  scientist  in  the 
Department  of  Energy’s  Aigonne  National 
Laboratory  and  head  of  an  international 
exascale  software  effort,  addii^  that  the 
replacement  technologie 
from  companies  workinf 
“that  aren’t  anywhere  ne 
Meanwhile,  he  said,  “we’re  goir^  to  have 
this  plateau  in  our  technology.”  * 
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Kimberly 

Stevenson 


Intel’s  IT  leader  is 
focused  on  speeding 
up  product  delivery, 
driving  revenue  and 
creating  efficiencies. 


opportunity  to  make  a  huge  impaa.’ 


KIMIERLV  STEVENSON,  a  cor^rate  vice  president  and  CIO  at  Intel,  has  spent  her 
professional  career  immersed  in  technoipjy,  uiorking  for  someth  the  world’s  most 
recognized  technology  companies.  Not  surprisiiigiy,  she’s  a  vocal  champion  for  IT 
and  how  it  will  transform  business  and  society.  “I  love  to  see  all  this  disruption 
coming  in  all  d^rent  industries,  and  it’s  all  coming  from  JT,”  says  Stevenson,  one  of  four 
finalists  for  the  2013  MU  Sloan  CIO  Leadership  Award.  She  shares  her  ideas  on  running  an 
U  department,  the  power  (^technology  and  die  importance  of  technologists. 

HowdMyaNanMiSNdlvourflntt«ovnrsoatlitJab7Icameln>in.withintheoigani2a- 

tion,  so  1  had  a  good  bead  on  wfaat  the  oiganizatioa  was.  It  was  a  well-nut  IT  organiza¬ 
tion,  so  when  you  take  on  a  new  chaHenge,  you  say:  “How  am  I  going  to  take  this  well-run 
team  and  make  it  better?”  That’s  the  approadi  1 1(^  in  the  context  of  the  changing 
business  at  Intel  The  first  thing  I  said  is  that  social  networking  is  going  to  be  one  o(  the 
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The  second  one  is  that  IT  helps  the  company  grow 
revenue,  and  we  have  a  number  of  projects  around  that 
—  [such  as  a  pnqect  to  increase]  field  sales  productiv¬ 
ity.  We  have  an  outbound  call  center,  and  we  use  ad¬ 
vanced  analytics  to  design  how  that  call  center  should 
operate.  We’re  also  using  collaboration  in  the  field, 
where  we’re  collaborating  directly  with  our  customers 
to  drive  overall  field  sales  productivity. 

The  third  is  about  improving  the  operational 
performance  of  the  company,  so  we’re  driving  aciioss 
the  company  a  number  of  initiatives  that  help  us  get 
mote  efficient. 

Those  are  the  three  big  priorities  moving  forward,  and 
there  ate  a  number  of  IT  initiatives  that  nest  under  that 


a  silver  bullet  A  whole  pipeline  of  things  have  to  happen. 
You  have  to  keep  girls  in  the  STEM  [scienoe,  tedinol^, 
engineering  and  math]  areas.  We  have  research  that  says 
if  you  educate  agiti,  you  can  change  the  economics  of  the 
entire  family  and  society.  So  we’re  interested  in  educating 
girls,  particularly  in  the  STEM  area.  Then  you  have  to 
keep  them  in  through  the  univettity  programs. 

We  also  did  some  research  that  said  that  girls  don’t 
appreciate  what  an  engineering  career  could  be  for 
them.  They  tend  to  think  that  engineering  is  like  a 
train  engineer  or  a  maintenartce  engineer.  But  when 
you  have  the  opportunity  to  explain  what  a  career 
in  engineering  is  and  the  itKome  potential,  you  can 
change  girls’  minds  about  pursuing  a  career  in  the  Geld 
of  engineering.  So  we  have  to  promote  the  profession 
in  a  way  that’s  educating  all  kids,  but  giris  in  particular. 

How  did  you  (ft  Into  the  tcdmoioty  fIcM?  I  was  the 

first  in  my  fomily  to  ever  graduate  from  college.  I  grew 
up  outside  of  Detroit  in  the  ’70s.  1  graduated  from 
high  school  in  t98o,  and  there  were  no  jobs.  The  only 
reason  my  parents  agreed  to  let  me  go  to  college  was 
to  get  a  jcd).  I  ended  up  interning  at  IBM,  and  I  learned 
to  program  because  I  had  a  huge  amount  of  work  and 
it  was  all  manual.  1  worked  a  lot  of  late  hours,  and  I 
wanted  to  go  out.  So  I  learned  to  program  so  I  could 
automate  a  lot  of  the  work.  1  was  self-motivated,  but 
maybe  not  for  the  right  reason. 

Wlnt  kipt  you  hi  IT?  My  defining  moment  was  a  few 
jobs  later  when  IBM  was  working  on  what  we  thought 
was  goit^  to  be  the  first  portaUe  PC.  There  were  a  lot  of 
challenges  with  the  project,  but  when  we  got  it  done,  we 
were  quite  proud  of  it  It  was  dubbed  the ’’Luggable,"  and 
it  hit  the  trade  press  and  it  was  on  every  covet.  I  dqrped 
every  article,  and  1  said,  “This  is  goitig  to  change  how 
people  Kork  and  change  society,"  and  I  knew  that  1  was 
in  tUs  field  for  my  career.  I  couldn’t  see  anything  else 
that  world  make  such  an  impact  on  the  world. 


Mary  K.  Pratt  (nuirykpratt@verizon.iiet) 
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Benchmarking  Is  Great 
When  It’s  Not  a  Waste 


Trueapples- 
to-apples 
comparisons 
don't  come 
easily. 


UrtPirMntls 

managing  partner 
at  Louisville.  Ky.- 
based  Leverage 
Partners,  which  helps 
organizations  invest 
well  in  IT.  Contact 
him  at  BartPerkins@ 
LeveragePartners.com. 


WE  ALL  KNOW  the  arguments  for  benchmarking:  It  lets  you  com¬ 
pare  yom  costs  and  service  levels  against  those  of  similar  orga¬ 
nizations.  It  helps  you  focus  yom  resources  on  improving  any 
processes  that  have  higher  costs  or  lower  service  levels  than 


industry  norms.  It  can  provide  a  solid  foundation 
for  comprehensive  improvement  plans. 

Here’s  an  argument  again^  benchmarking;  It 

True  apples-to-apples  comparisons  don’t  come 
easily.  You  have  to  dig  around  to  6nd  out.  for 
example,  which  accounting  rules  ate  used.  Does  a 
programmer’s  hourly  cost  include  bonus  and  ben¬ 
efits?  How  about  facility,  technology  atrd  adminis¬ 
trative  support  costs?  You  also  have  to  make  sure 
you  pnderstand  how  the  various  orgartizations  in 
your  bencbtrrarking  cohort  calcitlate  things  like 
application  repose  time,  network  availability 
.  and  the  percentage  of  incidents  resolved  on  the 
first  calL  Accounting  firr  all  of  those  dififeretrCes 
takes  a  lot  of  efkfft  and  many  hours  work  —  in 
other  words,  a  lot  of  money. 

Is  benchmarking  likely  to  be  a  waste  of  money? 
The  answer  crjuld  very  well  be  yes  if  these  factors 
come  into  play: 

■WMk  IT  MMgMMt  praams.  It  takes 
several  years  to  fully  implement  mt  OT  to  achieve 
significant  improvement  from  a  PMP  program, 
and  any  benchmarking  data  gathered  will  be 
urrfavmable  (and  likely  inaccurate)  until  the  new 
processes  ate  fully  adopted.  Premature  bench¬ 
marking  merely  indicates  the  size  of  the  improve- 
ment  opporturrity.  While  this  may  motivate 

be  gathered  more  quickly  by  consulting  someone 
who’s  an  expert  in  ITIL,  PMP,  Cofait  or  other 
control  process. 

■  Poor  IT  acowllnt  sad  aok  nttrics.  When 
internal  processes  are  weak,  daU  collection 


beconres  quite  complex.  The  beiKhtnarking  team 


and  must  combirre  data  from  multiple  sources. 
While  this  may  be  sufficient  fix'  plantring  purposes 
(whidi  only  need  to  be  directionally  correct),  true 
benchmarking  implies  a  bi^  degree  of  precision. 
Even  mitxx  allocation  errors  make  the  analysis 
less  precise  and  allow  skeptics  arxl  critics  to  chal¬ 
lenge  the  daU  and  associated  conclusions. 


dance.  Benchmarks  help  organizations  de¬ 
termine  how  to  change,  but  not  wlqi.  IT  leaders 
bequently  base  decisions  on  logic  and  r^ortxrs 
analysis  and  will  urxierstand  the  need  fix  process 


is  insufficient,  atrd  perhaps  even  irr 

n  A  need  for  radlod  restructurlnc.  Bench¬ 
marking  oitly  identifies  opportrmities  to  make 
incremental  improvements  to  existing  processes. 
When  you  need  to  rethink  your  mission,  redesign 
the  organizational  structure,  increase  customer 
engagertKnt  or  alter  the  way  you  deliver  products 
arid  services,  benchmarking  is  a  total  waste.  It  will 
have  value  only  after  you  resolve  the  bigger  issues. 


es  and  periodic 
refreshes.  Use  them  wisely.  It’s  a  diagnostic  tool, 
not  a  replacement  for  sound  business  decisions. 
And  cenainly  not  a  magic  potion.  Don’t  even 
think  about  benchmarking  if  you  don’t  know  how 
to  irse  the  results.  • 
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How  Ford 
is  using  big 
data  to  drive 
virtually 
every  aspect 
of  its  global 
turnaround. 

BY  JULIA  KING 


THAT’S  HOW  CEO  ALAN  MULAUV  has  launched 
many  a  meeting  since  his  2007  arrival  at  what 
was  then  the  sinking  ship  called  Ford  Motor  Co. 

Six  years  later,  Mulally’s  opening  line  has 
become  the  automaker’s  bona  Bde  company 
mantra.  Bearing  good  news  or  bad,  Ford  manag. 
eis  wouldn’t  dream  of  coining  to  a  meeting 
without  hard  metrics  in  hand. 

“Historicallyryou  didn’t  want  to  share  bad 
news  at  Ford,”  says  John  Cinder,  manager  of 

and  a  22-year  Ford  veteran.  “What  Alan  brought 
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want,  managing  vehicle  complex^  and  delivering  to  individual 
dealerships  the  right  cars  with  precisely  the  right  features  that 
customers  in  that  particular  geographic  area  want  to  buy. 

The  Right  Car  to  the  Rif!ht  Dealer 

For  decades,  Ford,  like  all  automakers,  has  relied  on  extensive 
market  research,  surveys  and  (ocus  groups  to  get  a  grip  on  the 
heart's  desires  of  drivers. 

“But  that  doesn't  always  give  ms  a  complete  picture  because  that 
data  needs  to  be  standardized  der  to  do  comparisons,"  says 

Mike  Cavaretta,  project  Itade  redictive  analytics  at  Ford. 
One  way  the  company  is  addr.  the  issue  is  by  monitoring 

social  media  for  more  specifier  iligence  and  customer  feedback. 

“The  nice  thing  about  social  media  is  that  people  elaborate," 
Cavaretta  says.  “They  talk  about  more  things  aiKl  go  beyond 
whether  something  is  simply  cool  or  not." 

For  example,  when  Ford  was  monitoring  social  media  streams 
to  learn  how  people  felt  about  its  three-Uink  option  for  signaling 
a  lane  change,  the  company  learned  a  lot  more  about  turn  signals 
than  it  set  out  to  know.  “We  found  that  in  some  vehicle  lines  the 
turn  signal  wasn't  high  enou^  or  [was]  in  the  wrong  place.  The 
problems  people  talked  about  weren't  with  the  three  blinks,  but 
other  aspects,"  Cavaretta  notes.  Ford  was  able  to  incorporate 
such  feedback  into  decisions  about  new  products  and  features. 

Building  in  the  features  that  drivers  want  is  one  thing.  But 
ensuring  that  dealers  have  those  cars  on  hand  to  sell  is  absolutely 
cnucal  to  turning  a  profit.  “Quite  a  few  customers  walk  into  a 
dealership  and  want  to  leave  with  a  vehicle  that  day,  so  we’re 
limited  to  vehicles  on  hand  that  day,”  explains  Ford  research 
scientist  Bryan  Cfoodman,  who  works  on  analytic  systems  that 
support  sales  and  marketing  and  their  intersection  with  materi¬ 
als  plaoning  and  logistics.  “We  have  to  get  the  right  vehicle  with 
the  right  engine  and  right  set  of  features  and  controls  to  the  right 
dealerships." 

Merging  Data  Lanes 

To  do  that.  Ford  integrates  and  analyzes 
several  ilata  streams,  iiKluding  data  on  what 
K  has  already  bulk  and  sold,  data  on  what 
has  sold  in  the  context  of  what  was  avail¬ 
able  in  inventory  at  the  time  of  the  sale,  plus 
data  on  what  customers  are  searching  lor 
and  configuring  on  company  websites.  This 
data  is  then  cominned  with  economic  data 
to  predict  vehicle  sales  relative  to  housing 
starts,  employment  rates  and  other  infor¬ 
mation.  The  system  is  known  as  the  Smart 
Inventory  Man^ment  System,  or  SIMS. 

“We  largely  figured  things  out  over 
various  experiments  and  applications  in  this 
area  over  many  years,  but  much  of  it  was 
not  enabled  until  the  last  few  years  because 
of  the  increase  in  computational  power," 

Goodman  says.  “We  have  20,000  compute 
cotes  in  the  builditrg  next  door  at  our  dispos¬ 
al.  We  have  computers  with  1.5TB  of  RAM. 
h's  those  sorts  of  resources  that  have  enabled 
us  to  synthesize  this  kirrd  of  data.' 

All  around,  SIMS  is  acknowledged  as  a 


pivotal  factor  in  Ford’s  turnaround  and  the  overall  success  of 
Mulally's  global  “One  Ford"  strategy. 

“As  we  globalize  and  leverage  products  from  around  the 
world,  it  means  new  complexity  maitagement  challenges,"  says 
Goodman.  Before,  “if  any  feature  was  desired  in  any  market, 
we’d  engineer  it  and  make  tt  available.  When  you  get  into  difler- 
ent  roof  heights,  dififerent  interiors,  different  wheels  and  so  on, 
we  can  offer  an  astronomicaliy  large  number  of  combinations. 
Imagine  300  billion  and  then  multiply  it  by  itself  again.  Custom¬ 
ers  get  overwhelmed  by  too  many  choices.'  Instead.  Goodman 
says,  “we  want  to  match  customers'  wants  with  out  global  supply 
chain.  It's  a  challenge  throughout  the  industry,  but  there's  hi^e 
value  in  getting  it  right."  This  requires  knowing  customers' key 
preferences,  then  tailoring  the  bulk  of  the  company's  production 
to  those  preferences,  rather  than  building  a  very  wide  range  of 
models  with  many  combinations  of  features.  It  comes  down  to 
building  cars  that  most  customers  want  most  of  the  time. 

This  is  where  SIMS  has  really  paid  off.  Assembly  plant 
schedules  and  parts  forecasts  have  both  significantly  improved 


says  Goodman.  “In  2007,  we  could  do  it  but  it  would  take  two  to 
three  weeks,  and  assemblers  needed  answers  in  20  minutes  or 
less.  Today,  we  can  do  it  in  two  minutes.” 

Ford  dealerships,  which  are  independent  fianchises,  also  have 
benefitted.  Some  3,500  dealersh^  receive  the  weekly  reports. 
Those  that  subscribe  to  SIMS  recommendations  say  that  they  an 
sdling  cars  at  higher  prices  and  more  quickly,  says  Ginder. 


“The  volume  of  data  generated  by  vehicles  is  huge,”  says 
Gimler.  Ford's  Fusion  Eneigi  plug-in  hybrid  car  gets  the  equiva¬ 
lent  of  108  miles  per  gallon.  It  also  gener¬ 
ates  25GB  of  dau  per  hour. 

Ford  currently  offins  three  kinds  of  hybrid 
cars:  two  phig-in  models  and  one  electric 
model  All  an  equipped  with  an  embed¬ 
ded  modem  that  customers  can  enable  on 
an  opt-in  bass  to  stream  dau  about  vehicle 
performance  back  to  the  manufacturer. 

“We  gather  dau  every  time  the  customer 
|dugs  in.  We  kiKW  when  they'n  plugging 
in,  how  many  gas  miles  they  drove,  hr 


what  they're 
saying  about  ity 
we  can  then  look 
at  how  it  relates 
to  our  internal 
business 
processes. 


and  how  often  they  take  trips,  h's  beipii^ 
to  shape  when  we  go  next  with  products,” 
says  Mike  TmScey,  director  of  vehicle  elec- 
trificatian  and  infiastructun.  Still  “our  big 
dau  [from  vehicles]  is  relative  for  now.  Itk 
small  birt  growing,"  be  says. 

It's  also  extremely  valuable,  especially 
when  combined  with  other  daU  from 

"It’s  bow  we  get  to  krmw  our  customers 
better,”  says  Cavaretta.  “If  we  know  how 
petrple  an  using  their  vehicle  and  what 
they’n  saying  about  h,  we  can  then  look 
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lo  the  company  is  a  mindset  that  we  would  no  longer  operate  on 
anecdotal  evidence.  I've  seen  that  explode  in  the  past  five  or  six 
years.  Our  CFO  and  COO  are  huge  proponents.  Today,  it’s  all 
about  having  a  data-driven  perspeclivc. " 

Indeed,  data  and  analytics  permeate  every  business  move  that 
Ford  makes,  from  forecasting  the  price  of  commodities  to  figur¬ 
ing  out  what  consumers  want, 
what  the  company  will  build, 
where  it  should  source  parts 
and  how  to  power  its  lineup  of 
cars  and  trucks. 

Crunching  data  behind  the 

and  analytics  experts  from  a 
broad  spectrum  of  disciplines. 

TItey  work  in  what  Ford  calb 
analytics  centers  of  excel- 

various  units  of  the 
$134  billion  company,  includ¬ 
ing  marketing,  research, 
credit  services  and  others. 

Since  2007.  these  analyt¬ 
ics  experts  have  contributed 
mightily  to  urgent  strategic 
and  tactical  turnaround  decisions,  working  on  projects  that 
ultimately  decided  issues  such  as  which  brands  and  models  to 
discontinue,  where  to  procure  parts  and  materials,  and  how  to 
enable  dealers  to  tweak  their  inventories  to  improve  sales. 

Quarterly  financial  figures.  Ford’s  stock  performance  and  the 
company’s  most  recent  annual  report  tell  the  rest  of  the  story  so 
far.  In  2009  —  one  year  after  reporting  a  record  $4.6  billion  loss 
—  Ford  posted  a  profit  for  the  first  time  in  four  years.  That  same 
year,  it  launched  25  new  vehicle  lines  and  sold  2.3  million  cats 
and  trucks  in  the  U.S.,  becoming  the  first  brand  to  top  the 
2  million  mark  in  U.S.  sales  since  2007.  In  October,  the  automak¬ 
er  reported  its  17th  consecutive  profitable  quarter. 

Data  analytics  is  a  key  competitive  tool  for  all  carmakers,  which 
are  slicing  and  dicing  data  on  customers,  production,  vehicles  and 
more  to  predict  demand  and  hone  their  product  offerings.  General 
Motors,  for  example,  has  been  collecting  vehicle  diagnostic  data 
and  other  information  via  its  OnStar  system  for  years.  But  Ford  is 
heavily  focusing  its  analytic  efforts  on  customer  preferences,  an 
area  where  it  appears  to  be  ahead  of  its  competitors,  according  to 
Thilo  Koslowski,  an  automotive  analyst  at  Gartner. 

"Everyone  is  working  on  [analyticsl  and  lo  varying  degrees 
have  (gained]  insights  with  regard  to  product  usage,"  he  says.  “I 
see  Ford  having  explored  this  sooner  than  others,  especially  in 
terms  of  understanding  customer  preferences." 

At  Ford,  “there  was  very  much  a  sense  of  urgency,  and  that 
tends  to  drive  people  lo  think  outside  of  the  box."  says  Ginder. 
“There’s  nothing  like  a  crisis  to  help  get  the  type  of  acceptance 
that’s  imporunt  (with  analytics].  The  crisis  of  2007  and  2008 
was  a  major  turning  point  for  our  company  and  the  role  that  ana¬ 
lytics  can  play.  With  that  combination  of  crisis,  new  management 
and  a  new  perspective,  we  were  emboldened  and  empowered  to 
look  at  things  quite  differently." 

Ford  has  derived  some  of  the  greatest  returns  from  analytics 


JOHN  GINDER,  MANAGDI 
Of  SYSTEM  ANALYTICS 
AND  ENVIRONMENTAL 
SCIENCES.  FORD 


warn,  managing  vehicle  complexity  and  delivering  to  individual 
dealerships  the  right  cars  with  precisely  the  right  features  that 
customers  in  that  particular  geographic  area  want  to  buy. 

The  Right  Car  to  the  Right  Dealer 

For  decades.  Ford,  like  all  automakers,  has  relied  on  extensive 
market  research,  surveys  and  focus  groups  to  get  a  grip  on  the 
heart  s  desires  of  drivers. 

“But  that  doesn’t  always  give  •  s  a  complete  picture  because  that 


social  media  for  more  specific  i  lligence  and  customer  feedback. 

"The  nice  thing  about  social  media  is  that  people  elaborate.” 
Cavaretta  says.  "They  talk  about  mote  things  and  go  beyond 
whether  something  is  simply  cool  or  not." 

For  example,  when  Ford  was  monitoring  social  media  streams 
to  learn  how  people  felt  about  its  thiee-blink  option  for  signaling 
a  lane  change,  the  company  learned  a  lot  more  about  turn  signals 
than  it  set  out  to  know.  “We  found  that  in  some  vehicle  lines  the 
turn  signal  wasn't  high  enough  or  |was|  in  the  wrong  place.  The 
problems  people  talked  about  weren’t  with  the  three  blinb,  but 
other  aspects,”  Cavaretu  notes.  Ford  was  able  to  incorporate 
such  fe^back  into  decisions  about  new  products  and  features. 

Building  in  the  features  that  drivers  want  is  one  thing.  But 
ensuring  that  dealers  have  those  cars  on  hand  to  sell  is  absolutely 
critical  to  turning  a  profit.  "Quite  a  few  customers  walk  into  a 
dealership  and  want  to  leave  with  a  vehicle  that  day,  so  we’re 
limited  to  vehicles  on  hand  that  lay,"  explains  Ford  research 
scientist  Bryan  Goodman,  who  works  on  analytic  systems  that 
support  sales  and  marketing  and  'heir  intersection  with  materi¬ 
als  planning  and  logistics.  "We  have  to  get  the  right  vehicle  with 
the  right  engine  and  right  set  o(  -atures  and  controls  to  the  right 
dealerships." 


Merging  Data  Lanes 

To  do  that,  Ford  integrates  and  analyzes 
several  data  streams,  including  data  on  what 
it  has  already  built  and  sold,  data  on  what 
has  sold  in  the  context  of  what  was  avail¬ 
able  in  inventory  at  the  time  of  the  sale,  plus 
data  on  what  customers  are  searching  for 
and  configuring  on  company  websites.  This 
data  is  then  combined  with  economic  data 
to  predict  vehicle  sales  relative  to  housing 
starts,  employment  rates  and  other  infor¬ 
mation.  The  system  is  known  as  the  Smart 
Inventory  Management  System,  or  SIMS. 

"We  largely  figured  things  out  tjver 
various  experiments  and  applications  in  this 
area  over  many  years,  but  much  of  it  was 
not  enabled  until  the  last  few  years  because 
of  the  increase  in  computational  power,” 
Goodman  says.  "We  have  20,000  compute 
cotes  in  the  building  next  door  at  our  dispos¬ 
al.  We  have  computers  with  1.5TB  of  RAM. 


what  they're 
saying  about  ity 
we  can  then  look 
at  how  it  relates 
to  our  internal 
business 
processes. 


we’d  engineer  it  and  make  it  available.  When  you  get  into  differ¬ 
ent  roof  heights,  different  interiors,  different  wheels  and  so  on, 
we  can  offer  an  astronomically  large  number  of  combinations. 
Imagine  300  billion  and  then  multiply  it  by  itself  again.  Custom¬ 
ers  get  overwhelmed  by  too  many  choices."  Instead.  Goodman 
says,  “we  want  to  match  customers'  wants  with  our  global  supply 
chain.  It’s  a  challenge  throughout  the  industry,  hut  there’s  huge 
value  in  getting  it  right."  This  requires  knowing  customers’  key 
preferences,  then  Uiloring  the  bulk  of  the  company’s  production 
to  those  preferences,  rather  than  building  a  very  wide  range  of 
models  with  many  combinations  of  features.  It  comes  down  to 
building  cars  that  most  customers  want  most  of  the  time. 

This  is  where  SIMS  has  really  paid  off.  Assembly  plant 
schedules  and  parts  forecasts  have  both  significantly  improved 
because  ”we  can  run  those  schedules  with  better  algorithms," 
says  Goodman.  “In  2007.  we  could  do  it  but  it  would  uke  two  to 
three  weeks,  and  assemblers  needed  answers  in  20  minutes  or 
less.  Today,  we  can  do  it  in  two  minutes." 

Ford  dealerships,  which  are  independent  franchises,  also  have 
benefitted.  Some  3,500  dealerships  receive  the  weekly  reports. 
Those  that  subscribe  to  SIMS  recommendations  say  that  they  ate 
selling  cats  at  higher  prices  and  more  quickly,  says  Ginder. 

Down  the  Road 

Yet  Ford’s  analytics  experts  say  they  have  only  just  begun  to  scratch 
the  surf^  with  big  data.  The  next  big  frontier  is  daU  that  streams 
from  vehicles  themselves. 

“The  volume  of  ilata  generated  by  vehicles  is  huge,"  says 
Ginder.  Ford’s  Fusion  Energi  plug-in  hybrid  car  gets  the  equiva¬ 
lent  of  toS  miles  per  gallon.  It  also  gener¬ 
ates  25GB  of  data  per  hour. 

Ford  currently  offers  three  kinds  of  hybrid 
cars:  two  plugin  models  and  one  electric 
model.  All  ate  equipp^  with  an  embed- 
ded  modem  that  customers  can  enable  on 
an  opi-in  basis  to  stream  data  about  vehicle 

"Wegather-data  every  time  the  customer 
plugs  in.  We  know  where  they’re  plugging 
ICNBml  in.  how  many  gas  miles  they  drove,  how 

many  electric  miles,  how  often  they  plug  in 
'  .  and  how  often  they  take  trips.  It’s  helping 

WUL  lly  to  shape  where  we  go  next  with  products," 

|0n  look  ^  Ttnskey,  director  of  vehicle  elec- 

,  trification  and  infrastructure.  Still,  "our  big 

rOiOtOS  dau  [from  vehicles]  is  relative  for  now.  It's 

OmSU  small  but  growing,”  he  says. 

It’s  also  extremely  valuable,  especially 
when  combined  with  other  data  from 
>  social  media  sites. 

"ft’s  how  we  get  to  kttow  our  customers 
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Jt  il  relates  to  our  internal  business  processes."  When  inte¬ 
grated.  tlie  data  creates  a  veritable  heat  map  of  where  improve¬ 
ments  need  to  be  made. 

Ford  al-so  prm  ides  reports 
big  data  and  pnn-essing  it  for  all  stakeholders  as 
Tiiisko  w\s.iioiiiigiluicua 
monihh  report  dnjiling  (heir 

Intersecting  the 
Internet  of  Thinp 

Tinskey.  Casarelta  and  others  on 
anal>Tics  team  anticipate  that,  inc 
whicle  data  will  be  combined  with  other 
n-pes  of  internal  and  external  data  via  the 
Internet  of  Thir^.  That  could  enable  custom¬ 
ers  tudo  ihir^  like  tune  their  cars'  engines 
indnidual  specifications  i 
rates  for  the  electncity  they 
depend  i  ng  on  t  he  t  i  me  of  day 

“The  really 

these  oistomers  are  charging  and  we  I 
what  electricity  generation  looks  like  in 
their  ZIP  codes.  We  ha>‘e  a  grid  generation 
database  of  all  the  ZIP  codes  in  the  United 
States,  and  we  tie  that  data  together  with 
charging  data."  explains  Tinskex  . 


“What  we’re  proposing  is  that  as  we  reach  critical  mass,  vehicles 
could  respond  to  calls  from  the  utility  to  scale  back  [consumption]. 
One  scenario  is  that  customers  would  delay  charging  their  cars 
when  power  demand  is  high  and  the  utility  would  compensate  them 
by  charging  them  a  lower  rate,"  he  says.  The  scenario  is  similar  to 
programs  already  in  place  for  heating  and  coolii^  homes.  Tinskey 
notes,  for  example,  that  his  home  air  condi¬ 
tioner  is  on  a  separate  meter  "and  I  enjoy  lower 
rates  whenever  I  use  it  in  ernrhange  for  turning 
it  off  or  down  durii^  certain  hours  when  the 
utility  calls  for  that." 

The  Internet  of  Things  enables  the  combi¬ 
nation  of  internal,  external  and  vehicle  data 
to  provide  new  services,  says  Cavaretta. 

“It  could  be  that  the  vehicle  is  a  mobile 

in  the  road  or  in  streetlights  to  monitor 
traffic  conditions,  weather  conditions  and 
energy  usage.  It  could  then  communicate 
information  to  the  vehicle  and  change 
the  vehicle’s  behavior.  The  ability  to  take 
informaticHi  embedded  in  sensors  in  the 
environment  and  then  better  understand 
how  to  modify  the  vehicle  or  optimize 
business  processes  is  the  real  key,”  he  says. 

The  bottom  line:  Big  data  is  only  going  to 
get  bigger  at  Ford,  which  has  clearly  tied  its 
future  to  the  power  analytics.  ♦ 


recharge  their  vehicles. 
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Ovtr  the  past  decade  and  a  half,  Foctfs 
canters  of  excellence  have  developed  fllc- 


-FlfteenvcaKato,lT«aslar■•lvtilcor- 
Canlzation  ere  had  to  |o  to  for  access  to  data 
from  transactions.  They  were  the  soorca 
of  dau  and  we  were  a  source  of  headaches 
hecause  we  were  devdophK  what  they  con¬ 
sidered  shadow  IT,”  Cinder  recalls. 

That  bcfan  to  chance  when  Cinder’s  team 
waswotkincoaSIMS,the$niartlnvtn- 
tery  Manacemcirt  System,  “we  started  to 

IT  orianizatieo  and  understand  thdriirac- 


researditheuchtwasineffectlvc.” 

Teday.asaresuttefwerklngwlththcana- 

lyticsteamsnSIIIS,“oiirlTapplicatlenda- 

enthaly  to  acHe  practices.”  Cinder  says. 
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atRupofwhereiniptove- 

Fbtd  also  piDvidcs  repons  back  to  the  driven.  “Were  taking  the 
big  data  and  peocessing  it  kv  all  stakeholders  as  a  nwothly  repon," 
Tinskey  says,  noting  that  c 
monthly  lepon  detailing  their  us^  and 


ley,  Cavaretta  and  others  on  Ford’s 


vehicle  data  will  be  combined  with  other 
types  of  internal  and  enemal  dau  via  the 
Internet  of  Things.  Thai  could  enable  custom- 

individual  specihcations  and  pay  discounted 
rates  lor  the  electricity  they  use  to  rechaige, 
depending  on  the  time  of  day  or  night  that 
they  drive  and/or  recharge  theii  vehicles. 

“The  really  cool  thing  is  we  know  where 
these  customers  ate  charging  and  we  know 
what  electricity  generarion  looks  like  in 
their  ZIP  codes.  We  have  a  grid  generation 
database  of  all  the  ZIP  codes  in  the  United 
Slates,  and  we  tie  that  dau  together  with 
charging  data,“  explains  Tinskey. 


engine 
and  right  set 
of  features 
andcontrois 
to  the  right 


"What  we're  proposing  is  that  as 
could  respond  to  calls  from  the  utility  to  scale  back  [consun^rtioo]. 
One  smiario  is  that  customers  would  delay  charging  their  cars 
when  power  demand  is  high  and  the  utility  would  compensate  them 
by  charging  them  a  lower  rate,"  he  says.  The  scenario  is  similar  to 
programs  already  in  place  for  heating  and  cooling  homes.  Tinskey 
notes,6irexample,thathisbomeaiioondi- 
tkmer  is  on  a  separate  meter  “and  1  er^  lower 
rates  whenever  I  use  it  in  exchange  for  turning 
it  off  or  down  during  certain  hours  when  the 
utility  calls  for  that" 

The  Internet  of  Things  enables  the  comln- 
nation  of  internal,  external  and  vehicle  data 
to  provide  new  services,  says  Cavaretta. 

“It  could  be  that  the  vehicle  is  a  mobile 
sensor  platform  connected  to  sensors 
in  the  road  or  in  streetlights  to  monitor 
traffic  conditions,  weather  conditions  and 
energy  usage.  It  could  then  communicate 
information  to  the  vehicle  and  change 
the  vehicle’s  behavior.  The  ability  totake 
information  embedded  in  sensors  in  the 
environment  and  then  better  understand 
how  to  modify  the  vehicle  or  optimize 
business  processes  is  the  real  k^,"  he  says. 

The  bottom  line:  Big  data  is  only  going  to 
get  bigger  at  Ford,  which  has  clearly  tied  its 
future  to  the  power  of  analytics.  » 
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CLOUD  COMPUTING 


Here’s  how  to  determine  if  your  organization  needs  the  security,  control  and 
performance  that  a  private  cloud  offers,  by  nancy  gohring 


When  to  Pick  a 


PRIVHE 

OOUD 


would  really  be  better  oflF  with  standard  virtuaUzed  data  centers 
or  with  public  cloud  services,  experts  say.  About  half  the  time, 
businesses  build  private  clouds  for  the  wrong  reasons  and  should 
be  doing  something  else  instead,  estimates  David  Linthicum,  a 
consultant  at  Cloud  Technology  Partners. 

“In  many  instances.  I'll  determine  quickly  that  it’s  an  emo¬ 
tional  decision  versus  a  logical  one,"  he  says.  For  example,  some 
IT  departments  ate  so  used  to  running  their  own  data  centers 
that  they  have  a  hard  time  letting  go,  so  they  set  up  private 
clouds  —  and  in  some  of  those  cases,  they  do  that  h«ause  they're 
concerned  about  how  a  shift  might  affect  IT  jobs. 

That  doesn’t  mean  there  isn’t  a  need  for  private  clouds.  There 
is  —  under  the  ri^t  circumstaiKes,  which  nuy  involve  b^  new 
development  operations,  apps  that  draw  on  truly  sensitive  data, 
or  aging  data  centers. 


The  first  question  a  business  should  ask  itself  is  why  it  wants  to 
build  a  private  cloud,  lypically,  enterprises  talk  about  security, 
Linthicum  says.  But  that’s  not  the  whole  story.  The  reality  is,  it’s 
control.  They  want  the  thing  to  exist  in  their  data  center.  It’s  just 
hard  to  change  habits,"  he  says. 

MikeSchutz.generalmanagerofprorluctmatketit^fi)r 
Windows  Server  and  Management  at  Micrasoft,  agrees  that  control 
is  an  issue.  “In  some  cases,  what  the  public  doud  doesn’t  provide 
today  is  a  level  of  control  that  some  organizatioos  need,"  he  says. 

It’s  not  just  the  ability  to  teach  out  and  touch  the  servms.  With 
a  private  cloud,  a  business  can  build  just  the  amourrt  of  memory 
and  storage  it  wants  artd  make  its  own  choices  on  software  for 
databases  artd  other  systertts,  for  insunce.  Organizations  can  also 
customize  security  to  fit  their  neetis  and  itse  the  networking  gear 
that  ensures  fostest  contrections  to  their  data. 

A  need  for  security  can  be  a  good  reason  to  use  private  cloud, 
Lirrthicum  says.  For  example,  a  private  cloud  may  make  sense 
for  businesses  or  other  organizatioos  that  handle  state  secrets, 
personally  identifiable  information  or  proprietary  research. 

Heartland  Payment  Systems,  which  ofifers  payment  processit^ 
services  to  merchants,  falls  squarely  in  the  category  of  a  business 
that  turned  to  a  private  clottd  for  secirrity  reasons.  In20to,it 

experiencing  a  well-publicized  data  breach.  “Seorrity  and  risk 
and  compliance  and  liability  were  all  top  of  mind,"  says  Kris 
Herrin,  CTO  at  Heartland. 

As  part  of  that  data  center  com 


whittled  the  number  of  daU  cerrters  from  nine  to  three.  Heart¬ 
land  decided  to  adopt  a  private  cloud.  And  having  been  an  early 
adopter  of  private  cloud  tecimofogy,  the  comparty  is  now  in  the 
unique  position  of  upgrading  to  a  secood-genetatioo  private  cloud. 

“Otrr  first  attempt  was  very  much 'cloud  washing,’"  says 
Herrirt,  meaning  that  the  vendor,  Fujitsu,  tor^  advantage  of  the 
buzz  around  the  term  “cloud  computing"  and  called  the  setup  a 
cloud  without  actrrally  delivering  full  doud  features.  “It  was  an 
outsourced  managed  service  offering  that  was  simply  white¬ 
washed  with  clou^like  behaviors,  including  utility  pricing." 

That  said.  Heartland’s  private  doud  corttinues  to  serve  its 
purpose  —  running  the  payment  prcxessing  service  used  by 
Heartland’s  merchant  customers.  The  infiastructure  is  owned  by 
Heartland  and  is  in  a  physically  separate  environment,  but  “our 


Our  auditorsy  internal  and  external, 
can  see  and  ^1  and  touch 
[the  private  cloud],  and  that  makes 
them  feel  better. 

HEARTLAND  PAYMENT  SYSTEMS 


auditors,  intemal  and  external,  can  see  and  feel  and  touch  it,  and 
that  makes  them  fed  better,**  Herrin  says. 

But  it’s  missing  a  few  key  features.  One  is  that  it  doesn't  offer 
software-driven  netwoiking  or  storage.  That  means  Heartland 
can  easily  and  quickly  provision  compute  power,  but  it  m^t 
take  an  additional  two  months  to  set  up  t^  networking  piece. 

Heartland  has  a  conq)lex  networic  design  because  of  the  nature 
of  its  business  —  it  offers  realHime  credit  card  processing  services. 

Its  second-genexatkm  private  doud,  which  it  hopes  to  have  up 
and  runnir^  by  the  first  quarter  of  next  year,  will  support  soft¬ 
ware-defined  networking,  which  will  decoupte  the  networking 
from  the  compute  functions  and  should  thereby  make  it  easier  to 
provision  cloud  services  and  make  hardware  upgrades. 

Heartland  cuneittly  uses  VMwaie’s  doud  technology  and 


CLOUD  COMPUTING 


Defining  a  Private  Cloud 


In  other  words,  the  company  is  build¬ 
ing  separate  douds  geared  specifically 
toward  their  applications.  For  instance, 
it’s  currently  working  on  a  cloud  that  will 
support  its  virtual  desktop  infiastructure. 
“VDI  apps  are  very  I/O  intensive,’’  Gilbert 
says.  “So  instead  of  using  a  general  cloud, 
we’ll  build  it  specially  to  support  that 
workload." 

SunlVust  is  also  building  a  test  and 
development  cloud  that  will  be  designed 
as  a  more  all-purpose  cloud  with  a  self-  . 
service  capacity.  ’That  cloud  will  have 
an  er]ual  mix  of  VMware  and  Microsoft 
cloud  software. 

The  bank  regards  its  private  clouds 
as  an  interim  step.  Once  the  company 
is  running  applications  on  its  private 
clouds,  it  hopes  to  evaluate  whether  one 
day  it  might  be  better  to  ofBoad  them 
into  a  software-as-a-service  or  exter¬ 
nally  hosted  private  environment.  “’The 
longer-term  challenge  is ...  bow  do  we 
become  more  of  a  service  broker  than  a 
service  builder?"  Gjibert  says. 


expects  to  oominue  with  VMware  in  its  new  doud,  at  least  initially. 
"We’re  having  open  discussiaos  as  to  whether  we  may  or  may  not 
continue  with  (VMwarej  in  the  long  run,"  Herrin  says.  "We  realized 
we  need  to  give  ourselves  the  ability  to  be  agnostic,  whether  we 
stick  with  VMware  or  not."  The  plu  is  to  architect  the  doud  so  that 
the  company  can  switch  to  a  di&rent  doud  tedinolqgy  provider  in 
the  future.  Apache’s  CloudStadt  is  on  Heartland’s  short  list,  he  says. 

Heartland  expects  to  be  able  to  use  existing  server  hardware 
from  IBM  for  the  new  cloud,  and  it’s  evaluating  whether  it  will  be 
able  to  reuse  the  Fujitsu  hardware  ftom  its  first-generation  service. 

The  new  cloud  likely  won’t  be  self-service  in  exactly  the  same 
way  that  public  clouds  are,  but  Herrin  still  expects  it  will  be 
a  dramatic  improvement.  “What  I  figured  out  rpiickly  is  nty 
business  users  and  developers  internally  didn’t  really  cate  about 
self-service,"  be  says.  Whether  they  ordered  up  the  resources 
themselves  or  someone  else  did  it  for  them,  that  factor  wasn’t  as 
importam  as  getting  access  to  the  resources  quickly. 

He  envisioos  a  setup  where  developers  will  be  able  to  do  most 
of  the  provisioning  th^  want  on  their  own  while  teaching  out  to 
a  staff  doud  expert  for  some  functions.  “Given  where  thii^  are 
today,  in  that  it  takes  weeks  to  get  things  done,  getting  it  down  to 
days  —  people  will  be  thrilled  with  that,"  he  says. 

Heartland  does  use  public  doud  services,  like  those  from 
Amazon  Web  Services,  for  some  applicatioos.  “We  want  to 
consume  more  and  mote  in  the  public  cloud,  but  we  know  we 
will  always  still  have  a  private  doud,"  Herrin  says. 

PurposeMtt  Private  douds 

spurred  it  in  the  direction  of  private  doud,  but  it’s  taking  a  unique 

We  ate  building  a  series  of  private,  internally  hosted  clouds  that 
are  very  much  purpose-driven,"  says  Rich  Gilbett,  senior  vice 
president  fcr  information  techmlogy  and  services  at  SunTrirst. 


The  bank  has  taken  steps  in  that  direction  with  its  archiving 
system.  Around  i8  months  ago  it  started  evaluating  options  for 
document  and  email  archiving  and  retention.  Using  an  external 
private  doud  for  archiving  turned  out  to  be  a  better  bet  than 
building  in-house,  Gilbert  explains.  When  looking  at  the  value 
add  of  archiving  in-house,  including  building  the  service  and 
ongoing  support,  it  made  more  sense  to  use  the  external  service, 
be  says.  The  service  is  hosted  by  Viewpointe. 


In  addition  to  security  cotKems,  a  need  for  systems  that  deliver 
very  high  performance  can  be  a  reason  for  building  a  private  cloud. 

NokiaResearcbCenterandNokiaSohitionsandNetworks  — 
two  separate  companies  —  both  built  private  clouds  for  security 
and  performance  reasons. 

For  Nokia  Research,  neither  a  public  cloud  nor  the  corpo¬ 
rate  production  network  was  a  virdile  option.  Nokia  Research 
computing  resources  are  used  by  researchers  who  are  toying 
with  new  projecu,  and  it  would  be  too  risky  to  run  such 
systems  on  the  corporate  network,  where  they  could  potentially 
cause  trouble,  says  Alex  Bedetov,  systems  architect  at  Nokia 
Research. 

And  because  the  projects  are  confidential,  “legal  just  wouldn’t 
allow  us"  to  use  a  public  cloud,  be  exjdains. 

Nokia  Solutions  and  Networks  (NSN),  which  has  an  annual 
R&D  budget  of  r.y  billioo  euros,  had  sitriilar  needs,  with  a  twist. 

It  had  a  VMwaredrased  dau  center,  used  by  researchers,  that 
had  performance  problems  and  therefore  was  cunning  some 
workloads  without  virtualizariorr.  So  the  comparty  began  lodung 
for  a  way  to  both  homogenize  its  envitonment  and  introduce 

manager  of  cloud  solutions  R&D  at  NSN. 

“The  challenge  for  a  company  like  ours  is  that  we  have  a  lot  of 
data  itUemally  in  place,"  be  says.  If  the  company  had  gone  with  a 


lUr  basis  “would  have  been  quite  a  challenge.' 


about  three  yeais  ago  —  that  option  wouldn't  allow  it  to  let  users 
instantly  spin  up  new  instances. 

It  looked  into  Eucalyptus,  Nebula  and  OpenStack  and  settled 
on  Eucalyptus,  because  it  was  the  only  one  with  a  produc¬ 
tion  product  at  the  time.  “OpenStack  came  as  a  compiler  and 
source  code,”  Heino  says.  With  Eucalyptus,  he  figured  theie'd 
be  someone  to  call  for  help  if 


NSN  now  runs  a  private 
doud  that  currently  has 
10,000  cotes  spread  across 
firur  locations  woildwide  and  is 
giowii^,  seeming  by  the  day. 


For  deeper  network  security 
look  beyond  the  obvious. 


access.  Because  several  different  groups  use  the  cloud,  Xeroi  also 
uses  Microsoft  tools  for  internal  billing  and  chargeback,  says 
Raman  Padmanabhan,  senior  vice  piesirlent  and  CIO  of  Xerox 
Business  Services. 

Nokia  Research,  NSN  and  Xerox  are  outside  the  norm.  While 
some  businesses  buy  private  cloud  products  but  dcHi’t  turn  on 

critical  features  because  they 
I  aren’t  quite  ready  yet,  most 


“Typically,  ifs  a  lack  of 
trust,"  says  Lauren  Nelson,  an 
analyst  at  Forrester.  IT  man¬ 
agers  worry  that  if  they  turn 
on  cloud  capabilities,  like  self- 


things  incorrectly,  she  says. 

In  many  cases,  though, 
it's  just  a  matter  of  time,  says 
Mike  Adams,  g|pup  product 


search  built  its  private  cloud. 

“You  can  call  [the  [»ivate 
doud]  whatever  you  want  to 
call  it  Tm  lookup  at  it  as  aut 


The  Quota  System  ' - 

NSN  also  offers  self-service 

and  uses  the  tools  Eucalyptus  offers  to  set  quotas  fi>r  users.  Some 
workers  who  “will  need  a  lot  of  resources  and  are  responsible 
have  access  to  anything,"  Heino  says.  Others  have  limits. 

Deciding  who  needs  a  quoU  and  what  size  it  diould  be  is  a 
challenge,  he  warns.  “Writing  quotas  is  difiScuk.  We  don’t  want 
to  limit  innovation  or  developnient,"  he  says.  He’s  currently 
researching  ways  to  implement  more  advanced  resource  man¬ 
agement.  For  instance,  he’d  like  to  offer  key  irsers  a  guaranteed 
amount  of  capacity  but  have  the  ability  to  ofo  that  capacity  m 
other  developers  if  it’s  rxrt  being  used  He’s  investigating  usit^  on 


sources,  the  new  management 
“They  don’t  think  users 


that  developets  know  that 
they  can  spin  up  an  Amazon 
Web  Services  instance  in  ts 
minutes,  IT  may  be  essential¬ 
ly  drivir^  them  to  do  so,  even  if  it’s  against  company  policy. 

Wherever  you  are  in  your  private-cloud  journey,  Gotrd 
Technology  Partners’  Linthicum  suggests  looking  at  all  options: 
The  traditional  enterprise  vendors  —  and  not  just  the  one  you’re 
already  using  —  as  well  as  the  upstart  technologies. 

With  all  the  new  choices,  industry  watchers  say,  it’s  clear  that 
the  Competitive  landscape  is  changing.  ♦ 

phones  pnd  wireless  netwivks.  Follow  her  on  IWiner  (@ngoliringl 
and  contact  her  at  itg@ngoliring.com. 
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MOBILE  &  WIRELESS 


"Mobile  is  changing  all  the  rules,  whether  you're  on  the  IT  side 
or  the  Iine-o(-business  side,"  says  Bob  Egan,  CEO  of  Sepharim 
Group,  a  Boston-based  mobility  consulting  firm.  “We've  gone 
fiom  a  homogeneous  environment  to  a  heterogeneous  envirou- 
ment  with  multiple  screens  and  operating  systems.  It's  a  capacity 
issue,  a  security  and  authentication  issue,  and  a  policy  issue.  It's  a 
brave  new  world  for  organizations  to  deal  with." 

So  how  do  you  manage  the  madness?  Should  you,  for  example, 
hire  a  mobile  wrang^  to  corral  efforts,  and  make  him  or  her  the 
arbiter  of  interfaces  and  back-end  architecture  access,  as  Case 
Western  Reserve  University  hasdone?  And  if  you  do,  to  whom 
should  that  person  report?  Or  should  you  create  a  separate,  ad 
hoc  group  to  get  your  company  quickly  and  creatively  up  to 
speed  on  mobility,  as  gaming  company  Electronic  did?  If 
so,  should  those  responsibilities  eventually  roll  back  into  IT?  Or 
should  you  esublish  a  group  that  fimctions  as  a  center  of  excel¬ 
lence  for  mobile,  as  Needham  Bank  has  done?  If  that's  viable, 
then  how  should  it  be  stafed  and  who  should  oversee  it? 

While  there  is  no  one  right  answer,  IT 
managers  and  analysts  agree  the  stakes  are 
high.  Mobility  is  no  longer  tactical,  it's  stra¬ 
tegic,  and  therefore  requires  a  higher  level 
of  consideration.  ‘It  went  from  being  nice 
to  have  —  something  that  executives  and 
users  really  loved  —  to  being  a  mainstream 
initiative,"  says  Ojas  Rege,  vice  president  of 
strategy  for  Mobilelron,  a  vettdor  of  mobile 

A  Big  Ball  Of  Wax 

Before  you  can  corral  mobile,  you  need  to 
figure  out  who  or  what  group  should  do  the 
corralling.  But  even  that  decision  isn't  easy 

Take  the  issue  of  support.  Mobility  is  not 
solely  a  hardware  issue,  so  it  doesn't  neces¬ 
sarily  make  sense  to  drop  it  in  the  desktop 
team's  lap.  "In  the  tablet  world,  IT  can't 
push  [just]  Apple  iOS,"  says  Rege.  "It's  not 


because  the  right 
hand  doesn^  know 
what  the  left  hand 
is  doing. 


And  it  do^'t  make  sense  to  put  the 
email  team  in  charge  of  mobility,  because  mobile  devices  are 
used  for  much  more  than  email  these  days  —  you  have  to  take 
into  account  security,  device  management  and  mote.  Beyond 
that,  it's  one  thing  to  offer  technical  support  to  your  company's 
employees;  it's  another  to  offer  the  same  kind  of  support  to  the 
exponentially  larger  customer  base  you're  trying  to  engage. 

Then  there's  the  age-old  schism  between  marketing  and  IT.  As 
Egan  points  out,  “marketing's  first  responsibility  is  to  drive  the 
persona  of  the  brand  through  all  channels  and  geographies.  IT's 
responsibility  is  to  protect  the  brand,  not  extend  it  Its  goal  is  to 
protect  profits,  not  drive  revenue." 

When  it  comes  to  mobility,  custotner-focing  applications 
are  generally  managed  by  the  sales  artd  marketing  teams,  and 
employee-focing  applications  ate  generally  managed  by  IT.  The 
pe<^  in  sales  and  marketing  want  applications  up  and  rurming 
quickly  so  the  company  can  keep  abreast  of  the  competition; 
when  they  think  about  deployntem  schedules,  they  think  in 
terms  of  weeks.  The  ferlks  in  IT,  on  the  other  hand,  want  to 


I  access  methods  and  within  the  code 
base,  so  they  think  about  deployment  schedules  in  terms  of 
months.  Moreover,  marketing  might  have  the  budget  to  do 
mobile  applications,  and  IT  might  not. 

But  those  two  groups  need  to  collaborate  to  ensure  that  ap¬ 
plications  work  consistently,  both  within  the  user  ituerfoce  and 
in  how  they  access  back-end  apfdications. 

The  challenge  is  rationalizing  the  conflicting  demands  of 
timetable,  budget  and  focus.  “Organizations  that  ate  doing  it 
right  are  getting  both  IT  and  marketing  to  realize  they  bo^  si¬ 
multaneously  share  responsibility  for  the  needs  of  employees  and 
consumers,"  says  Egan.  "They  both  have  to  drive  tevettuq^  and 
extend  profits.  That's  new  thinking  for  most  organizations." 

Avoiding  Help  Desk  Hell 

Even  if  specific  lines  of  business  have  their  own  developtnem 
efforts,  they  must  have  a  liaison  into  IT  for  a  variety  of  reasons. 
Among  other  things,  it  makes  sense  to  coordinate  the  effbns  of 
multiple  departments  on  the  front  end,  and 
when  it  comes  to  technical  support. 

The  alternative  is  help  desk  hell.  “When 
someone  has  a  problem  with  a  mobile  ap¬ 
plication,  they  call  tbe  help  desk,"  says  Rege. 
"If  you  have  17  different  groups  building 
applications,  that's  gmng  to  be  an  existential 
crisis  for  all  tbe  teams." 

Rege  cites  several  simple  examples.  One 
relates  to  Apple  iOS's  security  APIs,  which 
provide  automated  encryption.  "If  the  line 
of  business  hires  outside  developers,  they 
m^t  not  use  those  APIs,"  he  says.  “The 
same  issue  apfdies  with  application  distribu¬ 
tion.  If  someone  in  the  Une  of  business 
builds  an  application,  bow  are  they  going  to 
get  it  to  tbe  employees?  Through  the  [com¬ 
pany's]  app  store  —  but  IT  has  to  provide 
HOLS.  the  certifiation  for  those  applications  to 

NLtALJti'!'  download  properly." 

David  Nichols,  IT  transformation  leader 
fi>r  consulting  firm  EY  (fonneriy  Ernst  & 
Young),  frequently  sees  duplicate  develop¬ 
ment  efforts  within  a  single  enterprise.  “As  for  as  ownership  [of 
mobility]  goes,  it's  still  more  bifurcated  than  you  would  think  in 
companies  that  have  internal  back-office  operations  and  dient- 
focing  technology  as  well.  Those  are  owtted,  managed  and  gov¬ 
erned  by  two  difierent  organizations  that  don't  always  move  at 
tbe  sanK  ^>eed.  They  wind  up  duplicating  a  lot  of  efforts  because 
tbe  right  hand  doesn't  know  what  the  left  hand  is  doing." 

Experts  agree  that  companies  need  to  put  in  place  a  mobile 
model  that  encapsulates  best  practices  and  consistent  capabilities 
—  but  no  one  agrees  (yet,  anyway)  on  exactly  bow  to  get  there. 

agetnent  and  foutxl  that  each  takes  a  different  approach.  Here's 
a  summary  (ff  each;  Create  a  dedicated  team  to  establish  the 
groundwork  for  a  cross-departmental  mobility  effort.  Put  tbe 
effort  under  the  aegis  of  a  dedicated  mobility  manager  report- 
itig  to  the  CIO.  Create  a  center  of  excellence  focused  on  mobility 
that  will  nraintain  the  necessary  consistency  from  the  front-end 
interfoces  to  the  back-end  architectute. 


MOBILE  a  WIRELESS 


L  Lincoln  Wallen,  currently  CTO  at  DreamWorks  Ani- 
I  mation,  opted  ibr  a  dedicated  team  when  he  was  CTO 
r  for  mobile  and  online  at  game  designer  Electronic 
Arts,  from  1004  to  2008. 

The  EA  board  of  directors  “perceived  mobility  as  a  major 
disruptioa  to  the  games  business,"  he  says,  and  that  led  to  the 
idea  of  creating  a  mobile  business  unit  inside  the  existing  major 
opetatioo.  The  diviskm  had  its  own  marketing,  product  develop¬ 
ment  and  general  manager,  who  reported  to  the  head  of  studios. 
Keeping  it  separate  helped  it  Bourisfa  into  a  $200  million  divi¬ 
sion.  Wallen  says. 

After  the  group  esublisbed  itself,  EA  —  as  it  had  planned 
at  the  outset  —  “integrated  its  activity  back  into  the  business, 
because  mobility  is  foundational,  not  siloed."  he  says.  “It  affects 
every  aspect  of  the  business.  You  need  a  vertical  approach  to 
incubate  approaches  and  solutions.  But  in  the  end,  you  have  to 
consider  it  pervasive.  Mobility  is  no  loi^  evolutionary.  It's  the 
world  we  live  in." 

Mobileltoos  Rege  has  also  seen  this  tactic 
work.  One  of  bis  company's 


“The  CEO  believes  in  mobile,  so  he  created 
a  ffvepesson  mobile  team  reporting  directly 
to  him  with  accountability  for  all  mobile 
projects.  Sometimes  to  get  the  efert  kicked 
off,  you  need  to  do  that,"  Rege  says.  The 
company's  CIO  provides  the  bud^  and  the 
group  is  still  working  separately. 


L  MobHtyyaiiacer 

1  Asmobilestrategiesgainimpor- 
e.  the  idea  of  a  chief  mobility 
r,  on  etjual  footing  with  the 
CIO  and  repotting  to  the  CEO,  is  gaining 
traction  in  some  circles. 

However,  IT  executives  we  spoke  to 


requirements  for 
an  application... 
you  ^  away  from 


CIO's  job.  ^ou  obviously  have  to  have  some¬ 
body,  but  if  yew  name  a  chief  mobility  officer,  you're  saying  they're 
at  the  same  level  as  the  chief  information  oeSrxr,’ says  Wallen. 

EVs  Nichols  has  seen  companies  putting  mobility  under  the 
aegis  of  the  CTO,  who  in  turn  reports  to  the  CIO.  “The  CTO  has 


Nichols.  “They  rely  on  the  CTO  to  bring  the  best  thinking  from 
one  group  to  the  other.' 

Mark  Henderson,  chief  operations  officer  at  Case  Western 
Reserve  University  in  Cleveland,  uses  that  tactic.  "We've  been 
dealing  with  device  issues  forever,  because  all  of  our  sttrdents 
coine  nrith  their  ovvn  mobile  devices,  as  does  the  faculty." 
Besides  suppottirig  a  bringymur-ovvihdevioe  envirosunent,  his 


cations  department  wants  a  moixle  app  to  communicate  better, 
and  we  want  to  give  the  students  the  ability  to  access  registration 
[databases]  and  their  grades,"  he  says. 

^  Center  Of  Excelleiice 

Even  mote  than  creating  a  position  dedicated  to 

setting  up  a  mobile  center  of  excellence,  or  a  shared 
ervices  center  under  the  CIO.  “If  you  do  it  right,  you 
can  bundle  development,  creativity  and  strategy,”  he  says.  "It  will 
take  some  time  to  codify  issues  such  as  back-end  access,  identity 
and  access  management,  but  once  those  issues  are  out  of  the  way, 
they  don't  have  to  be  dealt  with  again.  That  helps  bring  the  dead¬ 
line  expecutkms  of  external  and  internal  groups  closer  together.” 

lames  Gordon,  vice  president  of  IT  at  Needham  Bank  in 
Needham,  Mass.,  concurs.  "When  you  have  such  a  group,  they 
think  about  mobility  first,"  says  Gordon,  a  Mobilelron  custrjmer 
who  has  deployed  mobile  devices  across  all  departments,  arid  has 
also  developed  customer-focing  applications 
for  smartphones  and  tablets. 

Needham  Bank's  IT  team  is  small  etxiugh 
(just  Gordon  and  four  other  people)  that  “ev¬ 
eryone  is  responsible  for  mobility,"  he  says. 
“When  we  originally  deployed  our  online 
applications,  we  buik  them  to  be  experi- 
en^  on  a  laptop.  Now  we  have  to  re-imag- 
ine  it.  We  launched  a  new  website  recently, 
and  we  wanted  a  site  that  would  scale  domi, 
with  content  still  there,  whether  you  were 
[looking  at  it]  on  a  monitor,  laptop,  tablet  or 
iPhone."  Gordon's  small  group  was  able  to 
double-down  on  those  mobile  priorities  with 
commitment  and  focus,  he  says. 

Sepharim  Group's  Egan  also  likes  that 
setup  “When  everybody  has  an  agreed-upon 
set  of  requirements  for  an  application,  it 
means  tto  everyone  understands  how  they 
can  achieve  the  goal,  everyone  is  takmg 
shared  responsibility,  and  you  get  away  bom 


features  ate  important  for  an  application.” 
cording  to  some  experts,  is  that  a  center  of 
excellence  should  have  influence  beyond  its  name.  “There's  a 
right  way  and  a  wrong  way  to  do  a  center  of  excellence,"  Rege 
says.  “I’ve  seen  [situationsj  where  no  one  consuked  the  [center] 
because  it  had  mote  security  expertise  than  application  ex¬ 
pertise."  There  has  to  be  a  balaticed  operatiotial  focus  across 
multiple  areas,  be  says. 

Nichrds  concurs.  “You  have  to  put  in  the  infrastructure  to 
make  sure  it  can  be  viable  and  successful,"  be  says.  The  person 
in  charge,  in  other  words,  has  to  have  some  influence,  not  just  an 
advisory  capacity.  ‘If  you  don’t,"  be  adds,  “the  people  within  k 
will  be  all  hat  and  no  cattle." 

Whatever  path  companies  take  to  managing  mobility,  they 
can’t  tarry  —  the  technology  is  changing  too  quickly.  “Mobility 
hasn’t  leveled  off  the  way  the  Web  did  after  a  couple  of  years," 
says  Nichols.  “The  next  two  years  ace  going  to  be  fascinating.”  • 

BaMwta  is  a  Silicon  Valley-based  frokmce  writer  and  /iequent 
contributor  to  Coraputerwocid. 
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MATHIAS  THURMAN 


Server  Surfing  Is  a  Big  No-No 

How  could  a  tightly  restricted  server  in  finance  be 
compromised  by  malware?  Really,  it's  not  that  hard. 


SECUMTV  INCIDENTS  aie  a  com¬ 
plete  disruption  of  my  normal 
day-to-day  activities.  1  kwe 
thm.  I  especially  like  it  when 
they  uiKOver  systemic  problems 
we  might  not  otherwise  have  found  out 
about  We  had  one  of  those  this  week. 

Our  security  inibrmatiaa  and  event 
monitaring  (SIEM)  tool  tipped  us  off, 
notifying  us  that  malware  had  been 
detected,  first  on  a  server,  atrd  dwrtly 
thereafter  on  a  file  server.  Those  ate  not 
resources  that  should  ever  have  occasion 
to  be  exposed  to  malware, 
and  the  fiict  that  the  server 
contairred  big^se 
Satbanes-Oxley  informa¬ 
tion  irraile  the  malware 


The  Romanian  Connection 

The  SIEM  notification  told  us  that  some 
of  our  network  traffic  had  attempted  to 
communicate  with  a  known  command- 
and-control  server  in  Romania.  This 
too  was  odd,  since  Internet  access  from 


My  first  step,  of  course,  was  to  disable 
the  server  switch  port.  Then  I  ordered 
an  analysis  of  the  system  using  ErrCase, 
a  very  powerful  firrensics  tool  and  a  must 
for  a  security  practitioner’s  toolbox.  The 
forensic  analysis  conrduded  that  the 
financial  server  was  the  point  where  the 
malware  originated  within  our  network. 
But  how  could  that  have  happened, 
given  the  restrictions  I've  described? 


be  tightly  restricted  to  little  more  than 


had  logged  on  to  the  server  to  modify 
some  scripts  decided  to  launch  Internet 
Exploter  and  log  in  to 
his  personal  webmail 
account.  He  then 
clidced.oo  a  phish- 

imagine  the  rest. 

We  have  retained  a  third  party  to 
analyze  malware  for  us.  Its  report  stated 
that  the  malware  « 


over  SSL  (Pott  443).  The  communica¬ 
tion  attempt  that  our  SIEM  observed 
was  an  initial  check-in  —  a  heads-up  to 


we  got  a  break,  because  the  Romanian 
server  seemed  to  be  ofifiine.  In  fact,  a 
lot  of  the  cyberworld's  bad  guys  activate 


u 


An  admin  logged  on  to  the  server  ami  deckled  to 
launch  IE  and  log  in  to  his  personal  webmail. 


Trouble 
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their  command-aixl-cnitrol  servers  for 

The  report  also  said  that  the  mahvate 
had  copied  itself  to  open  network  file 
shares.  Because  the  server  was  mapped 
to  the  finance  department's  file  share, 
the  malware  was  srttirig  in  the  toot  direc¬ 
tory  of  that  share,  just  as  our  SIEM  had 
found.  The  server  was  checked  born  top 
to  bottom,  and  we  ran  additional  rootkit 
detection  software  to  ensure  that  it  was 
clean.  Not  wanting  to  take  arty  chances 
with  this  server,  I  was  ready  to  do  a  com¬ 
plete  wipe  arxl  rriruild  it  from  backl^>s. 

In  the  end,  that  wasn't  necessary.  Coo- 
fident  that  the  server  was  clean,  I  needed 
to  find  out  bow  this  incident  could  have 
happened  in  the  first  place.  The  answer 
came  with  a  review  of  the  firewall  rules 
for  the  network:  There  were  no  out¬ 
bound  restrictions  in  place.  They  had 
been  in  place  at  one  time,  but  when  we 
moved  finm  an  on-piemises  data  center 
to  a  hosted  fodlity,  some  of  the  firewall 
rules  didn’t  get  migrated  correctly.  I  had 
the  network  team  dose  off  the  firewall 
bole  by  restricting  outbound  access  from 
this  network  segment  to  the  Internet. 

Just  as  importantly,  it  seems  to  me  that 
any  systems  administrator  with  privi¬ 
leged  access  to  a  critical  resource  should 
know  that  personal  use  of  that  system 


use  servers  for  activity  other  than  official 
business  needs.  * 

This  tveek 's  journal  is  written  1^  a  real 
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Server  Surfing  Is  a  Big  No-No 


SECURITY  INCIDENTS  are  a  com¬ 
plete  disruption  of  my  normal 
day-to-day  activities.  I  love 
them.  I  especially  like  it  when 
they  uncover  systemic  problems 
we  might  not  otherwise  have  found  out 
about.  We  had  one  of  those  this  week. 

Our  security  information  and  event 
monitoring  (SIEM)  tool  tipped  us  off, 
notifying  us  that  malware  had  been 
detected,  6rst  on  a  server,  and  shortly 
,  thereafter  on  a  file  server.  Those  ate  not 
resources  that  should  ever  have  occasion 
to  be  exposed  to  malware, 
and  the  fact  that  the  server 
comainedM^lys^sitive 
Sarbanes-Oxley  informa- 
tion  made  the  malware 
especially  unwelcome 
—  and  surprising,  since  we  have  special 
networks  foi;  segmenting  (xir  SOX  data. 

The  Romanian  Connection 

The  SIEM  notification  told  us  that  some 
of  our  network  traffic  had  attempted  to 

and-control  server  in  Rotoania.  This 
too  was  odd,  since  Internet  access  from 

be  tightly  restricted  to  little  more  than 


My  first  step,  of  course,  was  to  disable 
the  server  switch  port.  Then  I  ordered 
an  analysis  of  the  system  using  EnCase, 
a  very  powerful  forensics  tool  and  a 


«.The 


forensic  analysis  concluded  that  the 
financial  server  was  the  point  where  the 
malware  originated  within  our  network. 
But  how  could  that  have  happened, 
given  the  restrictions  I’ve  described? 

It  turns  out  that  an  administrator  who 
had  logged  on  to  the  server  to  modify 
some  scripts  decided  to  launch  Internet 
Explorer  and  log  in  to 
|■■|■||■■  his  personal  webmail 

BHHDpH  account.  He  then 


We  have  retained  a  third  pa^ty  to 
analyze  malware  for  us.  Its  reptort  stated 
that  the  malware  was  pro^ammed  to 
communicate  with  a  website  in  Romania 
over  SSL  (Port  443).  The  communica¬ 
tion  attempt  that  our  SIEM  observed 
was  an  initial  check-in  —  a  heads-up  to 
the  command-and-control  server  that  an 
installation  had  been  successful.  Here 
we  got  a  break,  becapse  the  Romanian 
server  seemed  to  be  offline;  In  fact,  a 
lot  of  the  cyberworld's  bad  guys  activate 


An  admin  logged  on  to  the  server  and  decided  to 
launch  IE  and  log  in  to  his  personal  webmail. 
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their  command-and'control  servers  for 
only  a  very  short  window. 

The  report  also  said  that  the  malware 
had  copied  itself  to  open  network  file 
shares.  Because  the  server  was  mapped 
to  the  finance  departments  file  share, 
the  malware  was  sitting  in  the  root  direc¬ 
tory  of  that  share,  just  as  our  SIEM  had 
found.  The  server  was  checked  from  top 
‘  to  bottom,  arKi  we  ran  additional  rootkit 
detection  software  to  ensure  that  it  was 
clean.  Not  wanting  to  take  any  chances 
with  this  server,  I  was  ready  to  do  a  com¬ 
plete  wipe  and  rebuild  it  from  backups. 

In  the  end.  that  wasn’t  necessary.  Con¬ 
fident  that  the  server  was  clean,  I  rteeded 
to  fi  nd  out  how  this  incident  could  have 
happened  in  the  first  place.  The  answer 
came  with  a  review  of  the  firewall  rules 
for  the  network;  There  were  no  out¬ 
bound  restrictions  in  place.  The>'  had 
been  in  place  at  one  time,  but  when  we 
moved  from  an  on-premises  data  center 
to  a  hosted  facility,  some  of  the  firewall 
rules  didn’t  get  migrated  correctly.  I  had 
the  network  team  close  off  the  firewall 
hole  b>'  restricting  outbound  access  from 
this  network  segment  to  the  Internet. 

Just  as  importantly,  it  seems  to  me  that 
any  systems  administrator  with  privi¬ 
leged  access  to  a  critical  resource  should 
know  that  personal  use  of  that  system 
''  is  not  a  good  idea.  But  quite  often,  even 
people  in  positions  of  responsibility  need 
training  to  understand  things  that  just ' 

manager.  I  will  have  to  send  an  official 
reminder  to  the  IT  department  not  to 
use  servers  for  activity  other  than  official 


tvhose  name  and  emjAoyer  hove  been 
disguised  for  obvious  reasons.  Contoii  him 
at  marhias_rhunnan@>yohoacom. 
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TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY  ^  :  SKESK  ° 


After  Ballmer:  Can  This 
Company  Be  Saved? 


Even  as  he 
exits,  Ballmer 
Bchangiiig 
howMicnM 
will  run  for 
years  to  come. 


writing  about 
lechnologYandthe 
business  of  technology 
since  CP/U-80  was 
cutting-edge  and 
300bf)swasafast 


IF  THERE'S  ANYTHING  SADDER  in  tech  circles  than  a  pathetic 
Windows  fan  still  trying  to  convince  himself  that  Windows  8.x  has 
been  anything  other  than  a  total  failure,  it  wrould  have  to  be  someone 
who  believes  that  Steve  Ballmer  did  anything  during  his  tenure  as 


MicnMoft’s  CEO  other  than  set  the  company  tq>  to 
follow  in  the  footsteps  of  biled  U.S.  carmakers. 

Scot  Finnie,  Cam^enimWs  editor  in  chief,  re¬ 
cently  spelled  out  Ballmer's  shortcomings.  Bottom 
line:  Microsoft  lost  its  vision.  Instead  of  being  a 
leader,  it’s  been  playing  catch-up  in  mobile,  tablets 
and  search  while  bsing  its  way  on  the  desktop 
with  its  user-hostile  Metro  interface. 

You  don't  have  to  believe  us.  Look  at  the 
numbers.  Microsoft's  board  cut  Ballmer’s  bonus 
because  of  an  i8%  decline  in  Windows  Division 
opetating  income  and  a  $900  million  inventory 
charge  related  to  Surface  RT. 

Tve  been  saying  Microsoft  should  fire  Ballmer 
sinoeaiXiB.  Instead,  he's  leaving  on  his  own  terms. 
Even  as  he  heads  to  the  door,  Ballmer  is  changing 
how  the  caa^nny  wiU  run  for  years  to  come.  Of 

$7  billioa  ixirchase  of  Nokia  doubled  down  on  the 
bet  Microsoft  made,  with  Surface,  to  betray  its 
hardware  partners.  He  did  make  a  smart,  thoc^ 
long  overdue,  move  to  jettison  the  hated  “stack 
ranking’ employee  evaluation  system  (see  story, 
page  6).  But  whether  the  moves  have  been  smart 
or  dumb,  you  have  to  wonder  bow  much  influence 
the  new  CEO  can  have  when  bell  have  to  live  with 

Speaking  of  the  new  CEO,  have  you  looked  at 
the  short  list  of  candidates?  Yack!  (That's  short¬ 
hand  Cor.  “Who  in  this  group  has  what  it  takes  to 
redeem  this  faltering  company?") 

The  most  well  Imown  in  technology  circles  is 
Stephen  Elop.  He’s  a  former  Microsoft  executive, 
so  that  qualifies  him,  right?  Oh  yeah,  he  also  led 


Nokia  to  ruin.  There's  a  crazy  theory  that  Elop 
was  a  Microsoft  plant  at  Nokia,  sent  to  wreck  it 
and  make  it  cheaper  to  buy.  Definitely  crazy,  until 
you  try  to  come  up  with  a  reason  for  him  to  be  a 
serious  candidate  that  makes  any  sense. 

Alan  Mulally  seems  to  have  done  well  at  Eatd, 
but  he’s  played  games  in  describing  just  bow  well 

while  it's  true  that  Ford  didn't  get  funds  from 
the  Troubled  Asset  Relief  Program,  it  did  rely  on 
government  support  to  keep  its  bead  above  water 
at  the  start  of  the  Great  Recession.  By  the  way, 
Mulally  knows  nothing  about  the  tech  business. 

Satya  Nadella  has  overseen  Microsoft’s  money- 

Kevin  Thmer  is  Micnosoff's  COO.  In  that 
role,  he's  been  in  charge  of  Microsoft’s  ad  sales, 
sales  and  marketing,  and  puMic  relations  since 
z<»6.  Well,  I  guess  it  isn’t  really  his  fauk  that 
his  teams  couldnY  make  winners  out  of  dogs  like 
Windows  8  jc,  Windmvs  Phone,  Zune  and  Surface. 

The  one  person  the  Microsoft  board  is  consider¬ 
ing  who  seems  like  a  reasonable  choice  is  Tony 
Bates.  The  former  CEO  of  Skype  has  shown  that 
be  can  handle  both  the  tech  a^  management 
sides  of  business.  But  I  doubt  they’ll  pick  him.  He's 
ortly  been  with  Microsoft  since  zott. 

But  where  are  the  visionaries?  How  about  a 
leader  who  can  radically  transform  a  business? 

I  don’t  see  arty.  Can  arty  of  them  make  a  slow 
company  agile  enough  to  compete  against  nimble 
players  like  Amazott,  Apple  and  Google?  I  don’t 
see  that  happening.  In^^  I  see  the  zoios 
shaping  up  as  the  decade  of  Microsoft’s  decline.  • 
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